diff --git a/models/site.rb b/models/site.rb
index 42a5130c..8e0cadfe 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -801,7 +801,9 @@ class Site < Sequel::Model
 end
 def create_directory(path)
+ path = scrubbed_path path
 relative_path = files_path path
+
 if Dir.exists?(relative_path) || File.exist?(relative_path)
 return 'Directory (or file) already exists.'
 end
@@ -820,7 +822,6 @@ class Site < Sequel::Model
 raise ArgumentError, 'directory name cannot be empty' if path_site_file == ''
 site_file = SiteFile.where(site_id: self.id, path: path_site_file).first
-
 if site_file.nil?
 SiteFile.create(
 site_id: self.id,
diff --git a/tests/site_file_tests.rb b/tests/site_file_tests.rb
index e9261baa..f8d1dbf0 100644
--- a/tests/site_file_tests.rb
+++ b/tests/site_file_tests.rb
@@ -78,7 +78,7 @@ describe 'site_files' do
 @site.site_files.select {|sf| sf.path =~ /test2\/test.jpg/}.length.must_equal 1
 @site.site_files.select {|sf| sf.path =~ /test\/test.jpg/}.length.must_equal 0
- PurgeCacheWorker.jobs.collect {|p| p['args'].last}.must_equal ["/test/test.jpg", "/test/index.html", "/test/", "test", "test2", "test/test.jpg", "test2/test.jpg", "test/index.html", "test/", "test2/index.html", "test2/"]
+ PurgeCacheWorker.jobs.collect {|p| p['args'].last}.sort.must_equal ["/test/test.jpg", "/test/index.html", "/test/", "test", "test2", "test/test.jpg", "test2/test.jpg", "test/index.html", "test/", "test2/index.html", "test2/"].sort
 end
 it 'doesnt wipe out existing file' do
@@ -450,6 +450,13 @@ describe 'site_files' do
 @site.reload.changed_count.must_equal 2
 end
+ describe 'directory create' do
+ it 'scrubs ../ from directory' do
+ @site.create_directory '../../test'
+ @site.site_files.select {|site_file| site_file.path =~ /\.\./}.length.must_equal 0
+ end
+ end
+
 describe 'classification' do
 before do
 puts "TODO FINISH CLASSIFIER"
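Review bot: The containment of `create_directory` now depends entirely on `scrubbed_path`, whose implementation is outside this hunk, and nothing after `relative_path = files_path path` confirms that the resolved location is still under the site's own file root. I would add a fail-closed check at that point: compare `File.expand_path(relative_path)` against the expanded site root plus a trailing separator, and raise the same `ArgumentError` the method already uses further down when it does not match. A short comment above the new line, such as `# path comes from the user; strip traversal segments before it touches the filesystem`, would also record why the scrub must precede `files_path`. The rest of the method body lies outside this hunk, so whether later lines reuse the scrubbed value or the original argument should be confirmed there.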
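Review bot: The new `'scrubs ../ from directory'` test can pass without the fix doing anything useful, because its only assertion is that no `site_file.path` matches `/\.\./`. That also holds when `create_directory` returns its error string and creates no record at all. A positive assertion would pin the behaviour, for example `@site.site_files.select {|site_file| site_file.path == 'test'}.length.must_equal 1`, assuming `test` is what `scrubbed_path` is meant to yield for this input. It would also help to assert on disk that the directory exists under the site's file root and that nothing was created above it, since the traversal risk is in the filesystem call rather than in the `SiteFile` row.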